WebKit 'window.open()' method Cross Domain Scripting Vulnerability
WebKit is prone to a cross-domain scripting vulnerability because it fails to properly enforce the same-origin policy.
An attacker can exploit this issue to execute arbitrary code in the context of a different domain. Successful exploits may result in privilege escalation.
Versions prior to WebKit r52401 are vulnerable.
NOTE: This issue was previously documented in BID 37948 (Google Chrome prior to 184.108.40.206 Multiple Security Vulnerabilities) but has been assigned its own record to better document it.